The secureUrlList
argument in etc/frontend/di.xml
defines the URLs which should be secure (use HTTPS) if the «General» → «Web» → «Base URLs (Secure)» → «Use Secure URLs on Storefront» option is enabled.
The excludedUrlList
defines the URLs which should not be secure even if the «Use Secure URLs on Storefront» option is enabled.